CMMC Level 1 FCI Self Assessment

CMMC Level 1: FCI - Foundation

Foundation Level (Level 1) encompasses the basic safeguarding requirements for FCI specified in FAR Clause 52.204-21.

Keep Reading
CMMC Level 2 CUI Self or 3rd Party Lead Assessment

CMMC Level 2: CUI - Advanced

Level 2, referred to as the advanced level focuses on the protection of CUI. Advanced Level (Level 2) encompasses the security requirements for CUI specified in NIST SP 800-171 per DFARS Clause 252.204-7012.

Keep Reading
CMMC Level 3 CUI Government Lead Assessment

CMMC Level 3: CUI - Expert

The DoD intends for Level 3 (“Expert”) cybersecurity requirements to be assessed by Government officials. Assessment requirements are currently under development.

Keep Reading

What is the CMMC CAP?

The CMMC Assessment Plan (CAP) is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments (for Level 2) are conducted consistently across the DIB. The four phases are:


Phase 1: Plan and Prepare the Assessment

A strong and effective CMMC Certification Assessment begins with a well-organized planning and preparation effort.

Contact Us

Phase 2: Conduct the Assessment

The purpose of Phase 2 is to assess the implementation of CMMC practices by the OSC in conformance with the CMMC Model.

Contact Us

Phase 3: Report Assessment Results

In this phase, the Lead Assessor (with or without the Assessment Team Members) shall deliver the recommended Assessment results to the OSC during the Final Findings Briefing.

Contact Us

Phase 4: Close-Out POA&Ms and Assessment (if necessary)

The purpose of this phase is to allow OSCs that received a Conditional CMMC Level 2 Certification during Phase 3 to close out all practices validated on Plans of Action and Milestones (POA&M) during the C3PAO Assessment.

Contact Us

Are you ready for a CMMC Assessment?

We can help you identify the gap between your current security posture and your target CMMC Level.

CMMC-Consultants Security Assessment protecting DoD Supply Chain

Establish baseline for your current risk/compliance profile.

CMMC Gap Remediation update security plans policies procedures

Plan of Action for meeting assessment goals.

CMMC-Consultants readiness review preparation for assessment

Testing and evaluating security controls.

CMMC-Consultants is a CYBER-AB CCP CMMC Certified Professional Consulting Firm

Gain a comprehensive understanding of the CMMC maturity levels, domains, capabilities, processes, and practices. Understand the relationship between CMMC model, FAR clause 52.204-21, DFARS clause 252.204-7012, NIST SP 800-171, and other standards and frameworks. Gain the ability to interpret the requirements of the CMMC model in the specific context for an Organization Seeking Certification (OSC). Develop the necessary knowledge to support an organization in effectively planning, implementing, and attaining the required CMMC maturity level.

CMMC Certified Professional CCP CYBER-AB

CMMC-Consultants is a CompTIA Security + Certified Consulting Firm

Provides us with the proper core Cybersecurity skills including advanced data cryptography & encryption, developing security policies, monitoring and diagnosing network traffic, risk manangement, identity access management, securing cloud deployments, identify threats-attacks-vulnerabilities.

Security + CE CompTIA

CMMC-Consultants is a HIPAA Academy Certified-HIPAA-Professional (CHP) Consulting Firm

Provides us with thorough working knowledge of the U.S. HIPAA Law and Regulations. CFR 45 164.308, 164.310 & 164.312, the Administrative, Technical and Physical safeguards of electronic Private Health Information (ePHI). 20 years of identifying ePHI and providing Confidentiality-Integrity-Availability of those patient records.

Certified HIPAA Professional - CHP ecFirst HIPAA Academy

CMMC-Consultants Certified Penetration Test Consulting Firm

Provides us the ability to demonstrate the most relevant pen testing skills for the cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises servers and endpoints. Target enumeration, OSINT data gathering and advanced social engineering tactics, techniques and procedures.

PenTest + Certified CompTIA

Meet Marc Murphy

CEO - CISO - CMMC-Consultants

A security & compliance focused CISO with over 30 years of experience supporting Microsoft servers, clients, and network services. The last 20 years have been focused on continually identifying and safeguarding electronic Private Health Information (ePHI).

01. Marc's 30 years of IT security experience

As a Security & Compliance Officer for several medical practices for the past 10 years, he has never allowed a breach of ANY patient records or company data in part due to strict adherence to NIST Guidelines and establishing a layered defense against malicious attacks.

02.Marc’s mission: Secure our nation's DIB supply chain.

Preparing OSC's for CMMC Certification by understanding their position within the three levels of cybersecurity maturity and identifying Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) data in their organization.

03.Marc has been an active practitioner in the Cybersecurity Sector:

Being a Network Administrator for 30 years has afforded me the opportunity to participate in the birth of the Cybersecurity industry and in the maturation process to help secure our nation's digital assets.

04.A personal message from CEO - Marc Murphy

I’m Marc Murphy, CEO and CCP for CMMC-Consultants. I have 30 years of experience in the IT industry. My firm advises and remediates CMMC compliance gaps for small to mid-sized DIB companies. For the past 20 years I have been identifying and securing ePHI in the Healthcare IT field. This experience has given me a vital skillset in data identification/classification that now applies to identifying Federal Contract Information and Controlled Unclassified Information, which ePHI falls under.
Securing data for the DIB is a personal passion for me as a military historian and having a long family history of Military Service stretching back through Vietnam, WW2, WW1 and back to the Civil War. This mission to protect the US War Fighter is a noble and urgent the words of the WW2 War Bond effort....keep ‘em flying!

CMMC-Consultants Marc Murphy - CEO - Certified CMMC Professional Penetration-Test + Certified